RNUG Lotus User Group (www.vlaad.lv)

    Enabling 2Factor Authentication for IBM Verse on Prem/iNotes in less than 20 minutes

    Vladislav Tatarincev  23 January 2019 10:09:56


    2 Factor authentication is a security default nowadays. This feature is a must-have!
    There are several way to do 2FA, call some cloud API, install 2FA server. These scenarios are ok for some clients, and not ok for others.

    Solution that I want to describe is pretty simple and as result stable, and can be installed and configured under 20 minutes!


    It is based on DSAPI (Domino Security API) file, which is small DLL (Windows) or .so (Linux), that is loaded with Domino HTTP and small configuration database (our lovely NSF)


    Solution is able to send SMS codes via GSM Modem or Clickatell Cloud [cloud again ;) ], or use TOTP for example Google Authenticator. With TOTP you need nothing else than Domino.
    There is even a way to allow user to decide receive a SMS or use TOTP, or even sent it to alternative email like [email protected]


    As always in enterprise, this solution has flexible and configurable settings for all customer needs.

    2FA also helps to be compliant with GDPR. GDPR Regula says " that in addition to login/password pair you should have additional security".  2FA perfectly covers this , since this is a security on top.

    Since I am big fan of monitoring, solutions allows to monitor 2FA statistics. If user's password is leaked to hackers and hacker fail on 2FA, SMSLogin.FailedLogins will start to grow. Since we monitor around 200-400 different aspects of Domino with Monitoring solution, one of our customers was able to detect account hack attempt. Hacker got password, but 2FA stopped from getting in.


    Image:Enabling 2Factor Authentication for IBM Verse on Prem/iNotes in less than 20 minutes


    Description of solution can be found here.
    https://cyone.eu/products-and-solutions/two-factor-authentication/  If you are IBM Partner and want to resell this solution to your clients, please contact us on this page.

    Video above shows that 2FA is installed under 20 min. User friendly Self Enrollment portal allows users to enable 2FA, while watching Redirect database.
    https://www.youtube.com/watch?v=4qbhEnKtsjU

    Archives